<?php

/*
	This file is part of Mandragon.

    Mandragon is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Mandragon is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Mandragon.  If not, see <http://www.gnu.org/licenses/>.
*/

$no_menu = 1;

class CommentPage {

	private $alerter;
	private $access;
	
	public function __construct() {
		$this->alerter = new Alerter();
		$this->access = new AccessManager();
	}

	public function set_access_manager($access) {
		$this->access = $access;
	}

	/**
	 * adds extra access checks, dependent on page state
	 */
	function page_inc_check_access($page) {
		$this->access->check_access("READ");
		$this->access->check_access("COMMENT");
	}

	/**
	 * appropriate page action interpretations
	 */
	function page_inc_execute_action($action) {
		switch($action) {
			case "edit":
				if (!has_access("MODERATE") and !has_access("ADMIN"))
					errorpage(5);
				break;
			default:
				$this->alerter->add_alert("unknown action");
				break;
		}
	}

	/**
	 * execute page logic
	 */
	function page_inc_execute($page) {

		$creator = new FormCreator();
		$THISDIR = $page->directory_tree[$page->dir_depth-1];
		
		if ($_POST['delete'] and $_GET['action'] == "edit") {
		
			if (!$_POST['comment_id'])
				errorpage(9);
		
			if (!$_POST['confirmed']) {
				$page->content['form'] = $creator->confirm("Zeker dat dit commentaar weg moet?");
				return;
			} else if ($_POST['confirmed'] == "YES") {
				$sql = db_query_delete("ITEM_COMMENT", "item_comment_id = {$_POST['comment_id']}");
				db_do_query($page, $sql);
				die("deleted");
			}
			
		}

		if ($_POST['submitted']) {
		
			$checker = new InputChecker();
			
			$ok = $checker->check_tags($_POST['name'], "naam") &&	
				  $checker->check_exists($_POST['name'], "naam")  &&
				  $checker->check_email($_POST['email'], "email") && 
				  $checker->check_exists($_POST['email'], "email")  &&
				  $checker->check_exists($_POST['body'], "commentaar") && 
				  $checker->check_tags_markup($_POST['body'], "commentaar");
			
			if ($ok) {
				
				if ($_GET['action'] == "edit") {
					if (!$_POST['comment_id'])
						errorpage(9);
					$sql = db_query_update(array('posted_by', 'posted_by_email', 'body'), array(db_sqlize($_POST['name']), 
										   db_sqlize($_POST['email']), db_sqlize($_POST['body'])), "ITEM_COMMENT", 
										   "item_comment_id = {$_POST['comment_id']}");
				} else {
					$ipstring = $_SERVER["REMOTE_ADDR"]." - ".$_SERVER["HTTP_X_FORWARDED_FOR"];
					$sql = db_query_insert(array('item_id', 'posted_by', 'posted_by_email', 'posted_by_ip', 'posted_at', 'body'), 
										   array($page->id, db_sqlize($_POST['name']), db_sqlize($_POST['email']), db_sqlize($ipstring), 
										   "NOW(14)", db_sqlize($_POST['body'])), "ITEM_COMMENT");
				}
				db_do_query($page, $sql);
				
				die("ok!");
			
			}
		}
		
		if ($_GET['action'] == "edit") {
		
			$sql = db_query_select(array(array('*'), array()), array("ITEM_COMMENT", "ITEM_IN INNER JOIN SUB_IN ON ITEM_IN.sub_id = SUB_IN.sub_id"), "ITEM_COMMENT.item_id = ITEM_IN.item_id AND SUB_IN.dir_id = {$THISDIR['dir_id']}");
			$sqlresult = db_do_query($page, $sql);
			if (db_num_rows($sqlresult) != 1)
				errorpage(404);
			$comment = db_fetch_array($sqlresult);

		}
		$inputs = array();
		if ($_GET['action'] == "edit")
			$inputs[] = $creator->input_hidden("comment_id", $comment['item_comment_id']);
		$inputs[] = $creator->input_field("Naam", "name", $comment['posted_by']);
		$inputs[] = $creator->input_field("Email", "email", $comment['posted_by_email']);
		$inputs[] = $creator->input_text("Commentaar", "body", $comment['body']);
		if ($_GET['action'] == "edit")
			$inputs[] = $creator->input_checkbox("Dit commentaar verwijderen", "delete");
		
		$page->content['form'] = $creator->create("commentform", array_reverse($inputs), $REQUEST_URI);
		
		$page->content['title'] = "Reageren op item #{$page->id}";
	}

	/**
	 * dress up page content using skin stuff
	 */
	function page_inc_dress($page) {
		print_form($page, $page->content['form']);
	}
}

?>